Heimdal Security Blog

BlackCat and Clop Claim Cyberattack on Beauty Giant Estée Lauder

Cosmetic conglomerate Estée Lauder has been listed on the data leak sites of two of the most active threat groups today, ALPHV/BlackCat and Clop.

The BlackCat gang mocked the security of Estée Lauder in a message to the company, saying that they were still present on the network.

The MOVEit Campaign Strikes Again

The Estée Lauder Companies confirmed one of the attacks in a Securities and Exchange Commission (SEC) filing on Tuesday, stating that the threat actor had gained access to some of its systems and may have stolen data.

The company said it acted proactively and took down several services to stop the intruders from extending their reach on the network, although it did not go into great detail about the incident.

The cosmetics brand said that investigations are ongoing, with support from “leading third-party cybersecurity experts.”

It appears as if the Clop ransomware gang gained access to the company after exploiting a vulnerability in the MOVEit Transfer platform for secure file transfers. The threat actor allegedly broke into hundreds of businesses for data theft and extortion in late May while the vulnerability was still a zero-day.

As reported by BleepingComputer, Clop ransomware lists Estée Lauder on their data leak site with the simple message “The company doesn’t care about its customers, it ignored their security!!!” and a note that they have more than 131GB of the company’s data.

BlackCat Pushes to Open Negotiations With Estée Lauder

The corporation was included in BlackCat’s list of victims on Tuesday, but the listing is accompanied by a note expressing the threat actor’s displeasure with Estée Lauder for refusing to respond to their extortion emails.

We first wrote to the ELC leadership on 15 July 2023 to their corporate and personal emails. At 9:43 MSK (UTC +3). We sent further emails from the same address, but received no reply.

BlackCat Ransomware (Source)

According to BlackCat, the network remained infiltrated and they still had access even though Estée Lauder had engaged security specialists, Microsoft’s Detection and Response Team (DART) and Mandiant, to look into the matter.

The threat group also said that they did not encrypt any of the company’s systems, stating that unless the beauty company engages in negotiations they will reveal more details about the stolen data. BlackCat hinted that the information stolen might have an effect on clients, staff members, and suppliers.

Based on the lack of response by Estée Lauder to BlackCat’s threats, it seems that the company will not engage in any negotiation with the threat actor.

Estée Lauder says that its focus is on remediation, including efforts to restore impacted systems and services, and that the incident has caused, and is expected to continue to cause, disruptions to parts of the company’s business operations.
